Sounds like you can just set sysval Quautocfg to no

John A. Candidi
American European Insurance Group
IT Systems, Application and Support Manager, CSO
Office (856-779-6915)
Mobile  (484-645-5598)
jacandidi@xxxxxxxxxxxxxxxxx



-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Roberto José Etcheverry Romero
Sent: Friday, March 23, 2012 9:48 AM
To: Midrange Systems Technical Discussion
Subject: Re: Signon Panel - How to Prevent Access

cant you change the SYVAL Automatic Virtual Device Configuration (or something like that)?
That way, telnet doesnt work because it doesnt specify a device and unauthorized 5250 doesnt either because they dont have a created dev...
Not the best in security but in most places that is enough.

Best Regards,


On Fri, Mar 23, 2012 at 9:12 AM, Jerry C. Adams <midrange@xxxxxxxx> wrote:
Patrick,

But wouldn't that prevent PC5250 sessions, such as mine, from
connecting?  I thought that all emulators used Telnet.

I just don't want sessions to autoconfigure, such as the QPADEVxxxx
sessions.  I have defined device descriptions for all of our
workstations and can, of course, add new ones if needed.

If I run Telnet (our ip address) from a DOS command prompt, a QPADEV
session starts and allows sign on.  That's the kind of thing that I want to prevent.
Our valid sessions are defined to use a specific device id, which I
have created, as I said.

I did have a situation at my previous employer whereby a device
description that I defined as a printer could be changed to a display
session.  I reported it to IBM Support who said, Ain't that special?!  
But working as designed, and rejected both my PMR and my DCR for that reason.

Jerry C. Adams
IBM i Programmer/Analyst
Slump?  I ain't in no slump.  I just ain't hitting. - Yogi Berra
--
A&K Wholesale
Murfreesboro, TN
615-867-5070


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Patrick Botz
Sent: Thursday, March 22, 2012 7:43 PM
To: Midrange Systems Technical Discussion
Subject: Re: Signon Panel - How to Prevent Access

Jerry, I just saw this. Based on your question, it sounds like you
don't want any telnet sessions. If that is correct, just don't start
telnet. You can keep telnet from auto starting  by changing the
autostart telnet attribute to *no.  I believe the cmd is CHGTELA or something close to hat.

Patrick Botz
botz@xxxxxxxxxxxxxxxxxxxxx
pbotz@xxxxxxxxxxxxx
507 319 5206

On Mar 16, 2012, at 2:29 PM, "Jerry C. Adams" <midrange@xxxxxxxx> wrote:

I have system values set as:

           QAUTOCFG  = 0

           QAUTOVRT = 0

Which, I thought, would prevent a telnet service, such as iSeries
Access or Telnet from a DOS command line, from gaining access to a
System i.  That is, no signon panel, no login.



Obviously, that's not true (we're on V5R1).  I was just working with
a purchasing guy.  He already had iSeries Access installed but no
PC5250 session configured.  So, without thinking, I started the
Create New
Session.
My immediate thought was, as I intimated earlier, "This is going to
blow up."  But it didn't.  I got one of those generic QPADEVxxxx sessions.



I, also, got the QPADEVxxxx signon when I ran Telnet from a DOS
command
box.



Is there any system value or whatever that would prevent access to a
signon panel?



Jerry C. Adams

IBM i Programmer/Analyst

Some of the facts are true, some are distorted, and some are untrue.
-
U.S.
State Department spokesman

--

A&K Wholesale

Murfreesboro, TN

615-867-5070



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].